Many processes to be performed on digital systems require ways to authenticate valid participants in the processes, as well as ways to securely perform a cryptographic process itself. This need is rapidly increasing with more data being completely processed in the digital domain. In addition, there is a growing need to deal with the daily evolution of security threats and identity-theft attack techniques. Stand-alone systems for performing these processes, and the processes themselves, are often vulnerable to such threats and attacks.
One way of addressing the above concerns is to recognize that performing aspects of such processes over multiple platforms, as opposed to a stand-alone system, would offer a measure of protection against such threats and attacks. Conveniently, there are readily available digital devices which might be used for this purpose. In particular, cellular phones are becoming an integral part of our daily lives. Many people cannot imagine spending an hour without access to their cellular phones. With the recent growth in consumer adoption of cellular phones, it seems natural to utilize cellular phones to aid and to provide various user processes or applications.
The cellular phone provides a mobile computing platform which is relatively secure. The number of security attacks targeting cellular phones is significantly lower than the number of similar attacks targeting personal computers (PCs), due to the limited nature of cellular phones. As cellular phones become more capable, it is expected that attacks which were traditionally used to compromise PCs will migrate to cellular phones. Indeed, within the last year, the first email worms targeting high-end cellular phones have emerged. Another trend is the fast-paced adoption of multiple internet-enabled devices, e.g. cellular phones, laptops, netbooks, etc., by individual users. It is expected that in as little as a few years, an average individual will own several internet-enabled electronic devices. In light of these two trends, we make the critical observation that, while individual devices are becoming more and more prone to attacks, it is much harder to compromise multiple devices simultaneously. This concept leads to an essential element in the subject system and method. Once aspects of a system are based on multiple platforms, it becomes harder to compromise the security of the system.
An example cryptographic tool which can benefit from the above observation is encryption. Encryption software has become essential for both end users and corporations who are concerned about protecting sensitive private data stored on storage devices. Again, in the context of a single user, the sensitive personal data is usually stored on the PC and is accessed by the user and other trusted individuals. However, when the PC is stolen or lost, the user may incur significant loss. Recent studies show that owners of laptops that have been stolen are more concerned about their private data than about the loss of the equipment itself. The situation is even worse in the corporate setting, where numerous users share sensitive corporate data on multiple devices. These concerns have led many software vendors to release file encryption tools. However, one may argue that the weakest aspect of file encryption tools (and other cryptographic operations) is key management.
The same can be said of other cryptographic operations. For all of these reasons, it has become important to provide systems and methods for securely performing cryptographic operations.